hudson.security.GlobalMatrixAuthorizationStrategy Java Examples
The following examples show how to use
hudson.security.GlobalMatrixAuthorizationStrategy.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ProfileApiTest.java From blueocean-plugin with MIT License | 6 votes |
|
@Test
public void shouldFailForAnonymousRead() throws IOException {
HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
realm.createAccount("alice","alice");
j.jenkins.setSecurityRealm(realm);
GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
j.jenkins.setAuthorizationStrategy(as);
as.add(Hudson.READ,"alice");
Map resp = new RequestBuilder(baseUrl)
.status(403)
.get("/users/")
.build(Map.class);
assertEquals(403, resp.get("code"));
}
Example #2
| Source File: ProfileApiTest.java From blueocean-plugin with MIT License | 6 votes |
|
@Test
public void shouldSucceedForAnonymousRead() throws IOException {
HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
realm.createAccount("alice","alice");
j.jenkins.setSecurityRealm(realm);
GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
j.jenkins.setAuthorizationStrategy(as);
as.add(Hudson.READ,"anonymous");
List resp = new RequestBuilder(baseUrl)
.status(200)
.get("/users/")
.build(List.class);
assertEquals(1, resp.size());
}
Example #3
| Source File: ProfileApiTest.java From blueocean-plugin with MIT License | 6 votes |
|
@Test
public void shouldFailForUnauthorizedUser() throws IOException, UnirestException {
HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
realm.createAccount("alice","alice");
realm.createAccount("bob","bob");
j.jenkins.setSecurityRealm(realm);
GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
j.jenkins.setAuthorizationStrategy(as);
as.add(Hudson.READ,"alice");
Map resp = new RequestBuilder(baseUrl)
.status(403)
.auth("bob", "bob")
.get("/users/")
.build(Map.class);
assertEquals(403, resp.get("code"));
}
Example #4
| Source File: GitLabConnectionConfigTest.java From gitlab-plugin with GNU General Public License v2.0 | 6 votes |
|
@Test
public void authenticationEnabled_anonymous_forbidden() throws IOException {
Boolean defaultValue = jenkins.get(GitLabConnectionConfig.class).isUseAuthenticatedEndpoint();
assertTrue(defaultValue);
jenkins.getInstance().setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy());
URL jenkinsURL = jenkins.getURL();
FreeStyleProject project = jenkins.createFreeStyleProject("test");
GitLabPushTrigger trigger = mock(GitLabPushTrigger.class);
project.addTrigger(trigger);
CloseableHttpClient client = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(jenkinsURL.toExternalForm() + "project/test");
request.addHeader("X-Gitlab-Event", "Push Hook");
request.setEntity(new StringEntity("{}"));
CloseableHttpResponse response = client.execute(request);
assertThat(response.getStatusLine().getStatusCode(), is(403));
}
Example #5
| Source File: GitLabConnectionConfigTest.java From gitlab-plugin with GNU General Public License v2.0 | 6 votes |
|
@Test
public void authenticationEnabled_registered_success() throws Exception {
String username = "test-user";
jenkins.getInstance().setSecurityRealm(jenkins.createDummySecurityRealm());
GlobalMatrixAuthorizationStrategy authorizationStrategy = new GlobalMatrixAuthorizationStrategy();
authorizationStrategy.add(Item.BUILD, username);
jenkins.getInstance().setAuthorizationStrategy(authorizationStrategy);
URL jenkinsURL = jenkins.getURL();
jenkins.createFreeStyleProject("test");
CloseableHttpClient client = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(jenkinsURL.toExternalForm() + "project/test");
request.addHeader("X-Gitlab-Event", "Push Hook");
String auth = username + ":" + username;
request.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + new String(Base64.encodeBase64(auth.getBytes(Charset.forName("ISO-8859-1")))));
request.setEntity(new StringEntity("{}"));
CloseableHttpResponse response = client.execute(request);
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
Example #6
| Source File: GitLabConnectionConfigTest.java From gitlab-plugin with GNU General Public License v2.0 | 6 votes |
|
@Test
public void authenticationDisabled_anonymous_success() throws IOException, URISyntaxException {
jenkins.get(GitLabConnectionConfig.class).setUseAuthenticatedEndpoint(false);
jenkins.getInstance().setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy());
URL jenkinsURL = jenkins.getURL();
jenkins.createFreeStyleProject("test");
CloseableHttpClient client = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(jenkinsURL.toExternalForm() + "project/test");
request.addHeader("X-Gitlab-Event", "Push Hook");
request.setEntity(new StringEntity("{}"));
CloseableHttpResponse response = client.execute(request);
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
Example #7
| Source File: GlobalMatrixAuthorizationTest.java From configuration-as-code-plugin with MIT License | 5 votes |
|
@Test
@ConfiguredWithReadme("matrix-auth/README.md")
public void checkCorrectlyConfiguredPermissions() throws Exception {
assertEquals("The configured instance must use the Global Matrix Authentication Strategy", GlobalMatrixAuthorizationStrategy.class, Jenkins.get().getAuthorizationStrategy().getClass());
GlobalMatrixAuthorizationStrategy gms = (GlobalMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy();
List<String> adminPermission = new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.ADMINISTER));
assertEquals("authenticated", adminPermission.get(0));
List<String> readPermission = new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.READ));
assertEquals("anonymous", readPermission.get(0));
}
Example #8
| Source File: ArtifactsSecurity564.java From blueocean-plugin with MIT License | 5 votes |
|
/**
* Uses matrix-auth to provide artifacts permission.
*
* If hudson.security.ArtifactsPermission is set then the user must have Run.ARTIFACTS set.
*
* @throws Exception
*/
@Issue("SECURITY-564")
@Test
public void testArtifactsWithPermissions() throws Exception {
String JOB_NAME = "artifactPermissions";
String artifactPath = "a/b/c";
HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false);
realm.createAccount("alice","alice");
realm.createAccount("bob","bob");
j.jenkins.setSecurityRealm(realm);
GlobalMatrixAuthorizationStrategy as = new GlobalMatrixAuthorizationStrategy();
j.jenkins.setAuthorizationStrategy(as);
as.add(Hudson.READ,"alice");
as.add(Item.READ,"alice");
as.add(Run.ARTIFACTS,"alice");
as.add(Hudson.READ,"bob");
as.add(Item.READ,"bob");
FreeStyleProject p = j.createFreeStyleProject(JOB_NAME);
p.getBuildersList().add(new ArtifactBuilder(artifactPath, 100));
p.getPublishersList().add(new ArtifactArchiver("**/*"));
Run r = p.scheduleBuild2(0).waitForStart();
r = j.waitForCompletion(r);
List artifacts = request().authAlice().get("/organizations/jenkins/pipelines/"+JOB_NAME+"/runs/"+r.getId()+"/artifacts").build(List.class);
Assert.assertEquals(100, artifacts.size());
Assert.assertEquals(0, ((Map) artifacts.get(0)).get("size"));
Assert.assertEquals(artifactPath + "/0.txt", ((Map) artifacts.get(0)).get("path"));
Assert.assertEquals("/job/artifactPermissions/1/artifact/"+ artifactPath +"/0.txt", ((Map) artifacts.get(0)).get("url"));
List artifactsBob = request().auth("bob", "bob").get("/organizations/jenkins/pipelines/"+JOB_NAME+"/runs/"+r.getId()+"/artifacts").build(List.class);
Assert.assertEquals(0, artifactsBob.size());
}
